Computer Science, 2020, Vol. 47, Issue (3): 287-291. doi: 10.11896/jsjkx.190200332

• Information Security •

Improved TLS Fingerprint Enhance User Behavior Security Analysis Ability

HU Jian-wei, XU Ming-yang, CUI Yan-peng

  1. (School of Cyber Engineering, Xidian University, Xi’an 710071, China)
  • Received: 2019-02-20 Online: 2020-03-15 Published: 2020-03-30
  • About author: HU Jian-wei, born in 1973, Ph.D., associate professor. His main research interests include cyberspace security and so on.

Abstract: As the contest between attackers and defenders escalates, the combination of user behavior analysis and network security has gradually drawn researchers’ attention. User behavior analysis can achieve active defense by identifying untrusted users and preventing intrusions before an attack succeeds. Currently, the datasets used for user behavior analysis in Web security consist mainly of application-layer HTTP data, which is insufficient to identify users and is likely to cause false negatives. This paper proposes improved TLS fingerprint data based on n-gram and Simhash, which enhances the fault tolerance of the existing TLS fingerprint. Applying the improved fingerprint to user behavior analysis can improve the accuracy of user identification. The comparative experiment used a convolutional neural network to model and analyze the fingerprint data and log-type user behavior data obtained from a real environment. The results show that the improved TLS fingerprint data can identify normal users and hackers more effectively, and the accuracy is improved by 4.2%. Further analysis shows that the improved TLS fingerprint can trace hackers to a certain extent by correlating user behaviors and timeline backtracking, thus providing intelligence context for security incident investigation.

Key words: Convolutional neural network, TLS fingerprint, User behavior analysis, Web security

CLC Number: 

  • TP393
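
The fault tolerance the abstract attributes to an n-gram and Simhash fingerprint can be seen in the following Python example, which is added here and is not the paper's implementation. It assumes a JA3-style comma/dash ClientHello string as the existing fingerprint input, bigrams per field, a 64-bit SimHash with SHA-256 as the feature hash, and hypothetical function names; the sample strings are constructed, not captured traffic.

```python
import hashlib

FIELDS = ("version", "ciphers", "extensions", "curves", "point_formats")

def features(ja3_string, n=2):
    """Field-tagged n-grams over each comma-separated ClientHello field."""
    feats = []
    for name, field in zip(FIELDS, ja3_string.split(",")):
        tokens = field.split("-") if field else []
        grams = [tokens[i:i + n] for i in range(max(len(tokens) - n + 1, 1))]
        feats += [f"{name}:{'-'.join(g)}" for g in grams if g]
    return feats

def simhash(feats, bits=64):
    """SimHash: per-bit majority vote over the hashed features."""
    votes = [0] * bits
    for feat in feats:
        digest = hashlib.sha256(feat.encode()).digest()
        h = int.from_bytes(digest[:bits // 8], "big")
        for b in range(bits):
            votes[b] += 1 if (h >> b) & 1 else -1
    return sum(1 << b for b in range(bits) if votes[b] > 0)

def hamming(a, b):
    """Number of differing bits between two SimHash values."""
    return bin(a ^ b).count("1")

def exact_fingerprint(ja3_string):
    """MD5 of the whole string (JA3-style): any change gives a new value."""
    return hashlib.md5(ja3_string.encode()).hexdigest()

def nearest(known, probe):
    """Return (distance, label) of the known client closest to the probe."""
    target = simhash(features(probe))
    return min((hamming(simhash(features(s)), target), label)
               for label, s in known.items())

# Constructed sample strings (assumed layout: version,ciphers,extensions,curves,formats).
BROWSER = ("771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,"
           "0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0")
# Same client after a minor change: last cipher dropped, one extension appended.
BROWSER_UPDATED = ("771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47,"
                   "0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21-41,29-23-24,0")
OTHER_CLIENT = ("771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-"
                "49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,23-24-25,0-1-2")

if __name__ == "__main__":
    print(exact_fingerprint(BROWSER), exact_fingerprint(BROWSER_UPDATED))
    print(nearest({"browser": BROWSER, "other": OTHER_CLIENT}, BROWSER_UPDATED))
```

The exact-match hash treats the updated client as unrelated, while the SimHash distance still places it next to the original, which is what lets behavior records from one client be correlated across small handshake changes.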